The present invention relates generally to one-time passwords (OTP), and more particularly to distribution of OTP token keys for unconnected OTP tokens.
A one-time password is used to improve the security of an online transaction or to strengthen user authentication by averting replay attacks, because a one-time password is valid for only one use and often only for a limited period of time. OTPs may be generated using various mechanisms, including mathematical algorithms based on a sequence (e.g., the value of a counter that advances with each use) or on time (e.g., time-synchronized OTP tokens in which the current time is an input to the password computation).
One-time password generators are used to generate one-time passwords. One common form of a one-time password generator is a key fob in a form-factor similar to the token illustrated in FIG. 2 (wherein one side of the token is illustrated in FIG. 2A and the opposite side of the token is illustrated in FIG. 2B). In the case of such tokens, a user presses a small button to trigger the generation of the next OTP. The user then uses the newly generated OTP to authenticate with another device or program, such as a web service, for example. When the relying party, e.g., the web service, receives the OTP, it forwards the OTP to an authentication server, which either confirms that the OTP was generated by the token in the user's possession or rejects it.
Both sequence-based OTP algorithms and time-synchronized OTP algorithms use a symmetric secret key to generate an OTP, a key which is known to both the OTP generator and the OTP authentication server. For example, a sequence-based OTP may be generated using a function of the form OTP=f(n, k) where n is the sequence number and k is the secret key associated with the OTP generator, e.g., the particular OTP token. A time-based OTP algorithm may have the form OTP=f(time, k) where time is, e.g., the UNIX time expressed in half-minute steps, and k is the secret key.
In the case of an unconnected OTP token, e.g., a key fob, the symmetric key associated with the token is stored in a secure, inaccessible manner in the token. For the authentication algorithm to work, i.e., for the authentication server to verify an OTP presented from a particular token, the authentication server must also hold that token's symmetric key so that it can independently calculate the expected OTP and compare it with the presented OTP. Therefore, one issue in OTP-based security is the distribution of the symmetric keys to the authentication servers.
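The following is an added example, not part of the original specification, that makes the two function families above concrete. It assumes the concrete instantiations of f(n, k) and f(time, k) standardized as HOTP (RFC 4226) and TOTP (RFC 6238), which the text does not name, and it uses the RFC test-vector key as a constructed demo secret. It also shows the server side described in the preceding paragraph: the authentication server, holding the same k, recomputes the expected value and compares it, searching a small look-ahead window for a counter-based token whose button may have been pressed without a login, and a small clock-drift window for a time-based token. The window sizes and function names are this example's own choices.

```python
import hmac
import hashlib
import struct
import time

# Constructed demo secret (the RFC 4226 / RFC 6238 test-vector key). A real
# unconnected token's key k is provisioned at manufacture and never leaves the fob.
DEMO_KEY = b"12345678901234567890"


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """Sequence-based OTP = f(n, k), instantiated as RFC 4226 HOTP.

    HMAC-SHA1 over the 8-byte big-endian counter, dynamic truncation to a
    31-bit integer, then reduction modulo 10**digits, zero-padded.
    """
    msg = struct.pack(">Q", counter)
    mac = hmac.new(key, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(key: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Time-based OTP = f(time, k), instantiated as RFC 6238 TOTP.

    'time' is the UNIX time expressed in half-minute steps, which is then
    used as the HOTP counter.
    """
    return hotp(key, unix_time // step, digits)


def verify_hotp(key: bytes, presented: str, server_counter: int,
                look_ahead: int = 10, digits: int = 6):
    """Authentication-server check for an event-based token.

    The server stores only the last accepted counter. The user may have pressed
    the button several times without authenticating, so candidates above the
    stored counter are tried up to a look-ahead bound. Counters at or below the
    stored value are never accepted, which blocks replay of an already-used OTP.
    Returns (ok, counter_to_store).
    """
    for n in range(server_counter + 1, server_counter + 1 + look_ahead):
        if hmac.compare_digest(hotp(key, n, digits), presented):
            return True, n
    return False, server_counter


def verify_totp(key: bytes, presented: str, unix_time: int,
                step: int = 30, digits: int = 6, drift: int = 1):
    """Authentication-server check for a time-synchronized token.

    Accepts the current step and +/- 'drift' neighbouring steps to tolerate
    clock skew between fob and server. Returns (ok, matched_step); a server
    must record the matched step and refuse a second use of it within the
    window, otherwise the one-time property is lost.
    """
    t = unix_time // step
    for delta in range(-drift, drift + 1):
        if hmac.compare_digest(hotp(key, t + delta, digits), presented):
            return True, t + delta
    return False, None


if __name__ == "__main__":
    print("HOTP for counters 0..2:", [hotp(DEMO_KEY, n) for n in range(3)])
    print("TOTP for current time:", totp(DEMO_KEY, int(time.time())))
    print("server accepts counter 2 from stored 0:",
          verify_hotp(DEMO_KEY, hotp(DEMO_KEY, 2), 0))
```

Both the token and the server run exactly this computation; the only thing that makes the result unforgeable is that k is known to no third party, which is why the key-distribution path discussed in the remainder of this section is the security-critical step. `hmac.compare_digest` is used so that the comparison time does not leak how many leading digits of a guess were correct.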
Traditionally, OTP tokens are issued in large lots assigned to particular web services. For example, an OTP token manufacturer may produce one lot of tokens for ABC bank and another lot for Greystone Enterprises. These companies may then issue the tokens to their customers. The companies may be referred to as token issuers. The manufacturer would supply the secret key associated with each token in the lot directly to the issuers, for example, in a file supplied on a CD-ROM or by some other secure form of distribution. Thus, each issuer would possess the secret symmetric keys associated with the tokens it issues and would therefore be able to verify the OTPs presented to it.
While the aforementioned process works well for large deployments (1,000 tokens or more), the process is more problematic for smaller roll-outs, as managing the concurrent, secure distribution of the tokens and their respective secret keys imposes significant constraints on packaging and fulfillment processes. For instance, to offer a web-based distribution process through an e-commerce site, a micro-site needs to be created for each customer along with its dedicated inventory of tokens, to ensure that the keys are sent to the issuer of the token. This means that the manufacturer must associate particular tokens with particular e-commerce sites and must securely distribute the key file to the corresponding issuer. That may require a manufacturer to set aside an inventory of tokens dedicated to each particular issuer.
A further limitation of the aforementioned process is that it provides no mechanism by which an end-user may purchase an individual OTP token from an independent third party, e.g., a retail outlet, for use with an issuer that is not pre-assigned to a token. While an e-commerce site may wish to provide its users with the capability of using OTP tokens for enhanced security, the e-commerce site may wish to be able to direct its customers to obtain the OTP tokens from an independent third party so that it does not need to be involved in the process of providing tokens to end-users. However, the current mechanism for providing the symmetric key associated with OTP tokens does not allow for such deployments.
A further drawback to the aforementioned key distribution process is that it carries operational risk. The key file must be correctly distributed to the issuer, or the issuer will not have the symmetric key available when an end-user seeks to register a token. A failure of the process to deliver the symmetric key file to the issuer would render registration of a token impossible.
As OTPs rely on symmetric-key cryptography, the keys must be distributed securely; any party that obtains a token's key can generate that token's OTPs. This requirement puts significant constraints on inventory management, as one needs to be able to reconstruct the exact list of token IDs shipped to the issuer in order to prepare, encrypt and transmit the key information to the issuer. The problem is particularly vexing when dealing with small customers or with the renewal of large customers, as the overhead to execute these tasks remains essentially the same for much smaller revenue.
From the foregoing it is apparent that there is a need for an improved method to provide distribution of keys associated with unconnected OTP tokens in a manner that allows for small deployments of OTP tokens and delivery of OTP tokens via third parties such as retailers.